Trend Micro experts have analyzed the malware dubbed TSPY_MINOCDO.A

Apr 7, 2013 07:01 GMT  ·  By

Facebook phishing scams are not uncommon, but every once in a while experts come across a new type of scheme. 

Researchers from security firm Trend Micro have come across a piece of malware, TSPY_MINOCDO.A, that’s designed to modify local HOST files and monitor browser activity in an effort to redirect victims to a bogus Facebook security check page.

The malware, which is executed every time the computer starts, waits for the user to visit facebook.com or www.facebook.com. When one of the addresses is detected, victims are redirected to a page which informs them that “Security checks help keep Facebook trustworthy and free of spam.”

The malicious page requests all sorts of information, including name, address, phone number, and financial details.

To make sure their scheme is robust, the attackers designed the malware to perform DNS queries to several domain names associated with the phishing site.

If you come across a page such as the one from the screenshot, it’s likely that your computer is infected with the malware. If you’ve already provided the data on the malicious page, contact your bank immediately.

Also, run an antivirus scan to get rid of the malware.